Privacy Policy

How we collect, use, and protect your personal data

Last updated: March 20, 2026

1 Identity of the Data Controller

The data controller of your personal data, within the meaning of the General Data Protection Regulation (EU) 2016/679 (GDPR) and Greek Law 4624/2019, is the sole proprietorship:

Company name: CodeCard.Cloud (t/a WebHosting4U)

Legal representative: Eleftherios Skoulas

Address: 31 Thermopylon St, 18900 Salamina, Greece

Telephone: 229 402 8627

Email: support@webhosting4u.gr

GEMI (Business Registry): 175884103000

EETT Reg. No: 23-131

WebHosting4U operates as a licensed .gr/.el domain name registrar, and provides web hosting, email hosting, and radio streaming services. For any matter relating to the processing of your personal data, you may contact us at support@webhosting4u.gr with the subject line "Personal Data Protection".

2 Data We Collect

In the course of providing our services, we collect and process the following categories of personal data:

Account data

Full name, email address, telephone number, postal address, tax identification number (TIN), and business name (where applicable). This data is collected during account creation and service ordering.

Billing data

Transaction history, invoice details, and payment method (full card details are never stored — payment processing is handled exclusively by Stripe, Inc.). This data is necessary for the fulfilment of tax obligations and service invoicing.

Technical data

IP address, browser type and version, operating system, cookie data, server logs, and access information. Technical data is collected automatically when you visit our website and use our services.

Domain name registrant data

Full name or organisation name, postal address, contact email, and telephone number of the domain name holder. This data is mandatorily transmitted to the Domain Name Registry (ICS-FORTH / GRNET) via the EPP (Extensible Provisioning Protocol) for the creation, renewal, and management of .gr and .el domain names.

Communication data

Support tickets, emails, telephone communications, and all correspondence with us. This data is retained for effective customer service and issue resolution.

3 Purposes and Legal Bases for Processing

We process your personal data solely for specific, explicit, and legitimate purposes, in accordance with Regulation (EU) 2016/679 (GDPR), Greek Law 4624/2019, and Greek Law 5160/2024:

Purpose | Legal basis
Performance of service agreements (hosting, email, domain, streaming) | Art. 6(1)(b) GDPR — Performance of a contract
Registration and management of .gr/.el domain names through the Registry (ICS-FORTH/GRNET) | Art. 6(1)(b) and 6(1)(c) GDPR — Performance of a contract and legal obligation (EETT regulations)
Issuance of invoices, accounting, and tax compliance | Art. 6(1)(c) GDPR — Legal obligation (tax legislation)
Compliance with the EETT regulatory framework and Law 5160/2024 on electronic communications | Art. 6(1)(c) GDPR — Legal obligation
Network security, fraud prevention, and cyber-attack mitigation | Art. 6(1)(f) GDPR — Legitimate interest
Service improvement and website usage analytics | Art. 6(1)(f) GDPR — Legitimate interest
Sending newsletters, promotional campaigns, use of non-essential cookies | Art. 6(1)(a) GDPR — Consent

Where processing is based on your consent, you have the right to withdraw it at any time, without affecting the lawfulness of processing carried out prior to such withdrawal.

4 Data Recipients

Your personal data may be disclosed to the following recipients, solely to the extent necessary for the fulfilment of the processing purposes described above. A data processing agreement (DPA) pursuant to Article 28 GDPR has been concluded with each data processor:

Synapsecom S.A. (Greece)

Data centre and hosting infrastructure. Synapsecom provides the physical infrastructure (servers, network, physical security) where your data is hosted within Greece.

ICS-FORTH / GRNET (Greece)

.gr and .el domain name registry. Domain registrant data is transmitted via the EPP protocol for the creation, renewal, transfer, and management of domain names, in accordance with the EETT Domain Name Management and Allocation Regulation.

Stripe, Inc. (USA — EU data stored in the EU)

Card payment processing. Stripe receives the necessary transaction data to complete the payment. European user data is stored on infrastructure within the EU. Stripe is PCI DSS Level 1 certified.

Anonymouse Domains, s.r.o. (Czech Republic)

WHOIS privacy protection service. Replaces the publicly displayed data in the WHOIS database with Anonymouse Domains' details, protecting the actual registrant's information from public exposure.

Google LLC (USA)

Google Analytics for website traffic analysis. Data is anonymised to the extent possible and used exclusively for statistical purposes.

Meta Platforms, Inc. (USA)

Advertising pixels (Meta Pixel) for measuring the effectiveness of advertising campaigns on Facebook and Instagram. Data is used for audience targeting and conversion measurement.

For detailed information regarding data processing agreements and the rights and obligations of each processor, please refer to our Data Processing Agreement (DPA).

5 International Data Transfers

Certain data processors are established outside the European Economic Area (EEA). Specifically, Stripe, Inc., Google LLC, and Meta Platforms, Inc. are established in the United States of America.

To ensure an adequate level of protection for personal data transferred to third countries, we rely on the following mechanisms:

  • Standard Contractual Clauses (SCCs): Transfers to the USA are carried out on the basis of the Standard Contractual Clauses approved by the European Commission's Implementing Decision (EU) 2021/914.
  • Adequacy decisions: For countries that have received an adequacy decision from the European Commission, transfers are made without additional safeguards (e.g., EU-U.S. Data Privacy Framework).
  • Supplementary measures: Where required, technical and organisational measures (encryption, pseudonymisation) are applied to enhance protection.

Stripe stores European user data on infrastructure within the EU. Google and Meta comply with the EU-U.S. Data Privacy Framework.

6 Data Retention Periods

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or for the period required by law:

Data category | Retention period
Account data | Throughout the contractual relationship and for 5 years after its termination
Billing data | Minimum 5 years after the end of the fiscal period, in accordance with tax legislation (Greek Tax Procedure Code)
Domain name data | Throughout the domain assignment period, plus the period prescribed by the EETT Regulation following expiry/deletion
Technical data and logs | Up to 12 months from collection
Communication data | Throughout the contractual relationship and for 3 years after its termination

Upon expiry of the above periods, data is permanently deleted or anonymised, unless its retention is required for the establishment, exercise, or defence of legal claims.

7 Data Subject Rights

In accordance with the GDPR and Greek Law 4624/2019, you have the following rights with respect to your personal data:

Right of access

To obtain confirmation as to whether we process your data and to request a copy thereof.

Right to rectification

To request the correction of inaccurate data or the completion of incomplete data.

Right to erasure

To request the deletion of your data, provided there is no legitimate reason for its retention.

Right to restriction

To request the restriction of processing under specific conditions.

Right to data portability

To receive your data in a structured, machine-readable format and to transmit it to another data controller.

Right to object

To object to processing based on legitimate interest, including profiling.

Withdrawal of consent

To withdraw your consent at any time, without affecting the lawfulness of prior processing.

Right to lodge a complaint

To file a complaint with the Hellenic Data Protection Authority (www.dpa.gr).

How to exercise your rights: To exercise any of the above rights, send an email to support@webhosting4u.gr with the subject line "Data Subject Request". We will respond within one (1) month of receiving your request. In the event of complexity or a high volume of requests, this period may be extended by a further two (2) months, upon prior notification.

8 Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance the browsing experience, analyse traffic, and target advertisements. A detailed description follows:

Strictly necessary cookies

Session cookies, security cookies (CSRF protection), and cookies that ensure the basic functionality of the website. These cookies do not require consent, as they are strictly necessary to provide the service you have requested.

Analytics cookies

Google Analytics (G-VDQ0TDQ9BT): We use Google Analytics to collect anonymous statistics about how our website is used, such as the number of visitors, pages visited, time spent, and traffic sources. This data helps us improve the content and structure of our website.

Marketing cookies

  • Meta Pixel (Facebook/Instagram): Used to measure advertising effectiveness, create lookalike audiences, and enable remarketing.
  • TikTok Pixel: Used to measure conversions and optimise advertising campaigns on the TikTok platform.

Session recording

Smartlook: We use Smartlook for recording and analysing user sessions (session replay, heatmaps) to improve the user experience (UX). Sensitive fields (passwords, payment data) are automatically masked.

Managing cookies

You can manage or disable cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of the website. For information on managing cookies:

  • Chrome: Settings → Privacy and security → Cookies
  • Firefox: Settings → Privacy & Security
  • Safari: Preferences → Privacy
  • Edge: Settings → Cookies and site permissions

9 Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Specifically:

TLS/SSL encryption

All communications between your browser and our servers are encrypted using the TLS 1.2/1.3 protocol.

Firewalls and IDS/IPS

Intrusion detection and prevention systems, as well as network-level and application-level firewalls, are employed.

Access controls

Access to data is granted only to authorised personnel, based on the principle of least privilege.

Regular backups

Automated backups are performed regularly and stored in secure, geographically separated locations.

Physical data centre security

Our servers are hosted at the Synapsecom S.A. data centre in Greece, which features 24/7 physical security, controlled access, fire suppression systems, uninterruptible power supply (UPS/generators), and precision climate control.

10 Minors

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If a parent or guardian becomes aware that a minor has provided us with personal data without their consent, please contact us at support@webhosting4u.gr so that we may promptly delete the relevant data.

11 Policy Amendments

We reserve the right to modify or update this Privacy Policy at any time to reflect changes in our practices, new legislative requirements, or technological developments.

In the event of material amendments, we will notify you through the following means:

  • Posting the updated policy on our website with a revised last-modified date.
  • Sending an email to the address associated with your account (for material changes that affect your rights).
  • Displaying a prominent notice (banner) on our website.

We encourage you to review this page regularly for any updates. Your continued use of our services following any modifications constitutes acceptance of the updated policy.

12 Contact and Complaints

For any enquiry, comment, or request regarding the processing of your personal data, you may contact us:

WebHosting4U

Email: support@webhosting4u.gr

Telephone: 229 402 8627

Address: 31 Thermopylon St, 18900 Salamina

Email subject: "Personal Data Protection"

Supervisory Authority

Hellenic Data Protection Authority (HDPA)

Address: 1-3 Kifissias Ave, 115 23 Athens

Email: complaints@dpa.gr

Website: www.dpa.gr

If you believe that the processing of your personal data infringes the GDPR or national legislation, you have the right to lodge a complaint with the Hellenic Data Protection Authority. However, we encourage you to contact us first so that we may attempt to resolve the matter amicably.